package com.imooc.oauth2.server.config;

import javax.annotation.Resource;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;

import cn.hutool.crypto.digest.DigestUtil;

/**
 * \* @author: bear
 * \* Date: 2021-07-11-14:47
 * \* describe:
 */
@EnableWebSecurity
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
	//注入redis 接口工厂
	@Resource
	private RedisConnectionFactory redisConnectionFactory;

	//初始化 RedisTokenStore 用户讲token存储至redis中
	@Bean
	public RedisTokenStore redisTokenStore(){
		RedisTokenStore redisTokenStore = new RedisTokenStore(redisConnectionFactory);
		redisTokenStore.setPrefix("TOKEN:");//设置key的层级，用于方便查询
		return redisTokenStore;
	}

	// 初始化密码编码器，用MD5加密密码
	@Bean
	public PasswordEncoder passwordEncoder(){
		return new PasswordEncoder() {
			/**
			 * 加密
			 * @param charSequence 原始密码
			 * @return
			 */
			@Override
			public String encode(CharSequence charSequence) {
				return DigestUtil.md5Hex(charSequence.toString());
			}

			/**
			 * 验证密码
			 * @param charSequence 原始密码
			 * @param encodePassword 加密密码
			 * @return
			 */
			@Override
			public boolean matches(CharSequence charSequence, String encodePassword) {
				return DigestUtil.md5Hex(charSequence.toString()).equals(encodePassword);
			}
		};
	}
	//初始化认证管理对象
	// 初始化认证管理对象
	@Bean
	@Override
	public AuthenticationManager authenticationManagerBean() throws Exception {
		return super.authenticationManagerBean();
	}

	//放行认证规则

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.csrf().disable()
				.authorizeRequests()
				//执行的请求
				.antMatchers("/oauth/**","/actuator/**").permitAll()
				.and()
				.authorizeRequests()
				//其他请求必须认证才能访问
				.anyRequest().authenticated();
	}
}
